CWE-754: Improper Check for Unusual or Exceptional Conditions — known CVE vulnerabilities
CVEs classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-24054 — CVSS 10.0 (critical): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like…
CVE-2021-0211 — CVSS 10.0 (critical): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD)…
CVE-2026-8091 — CVSS 9.8 (critical): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox…
CVE-2024-52316 — CVSS 9.8 (critical): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)…
CVE-2024-7826 — CVSS 9.8 (critical): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit…
CVE-2023-37303 — CVSS 9.8 (critical): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails…
CVE-2022-20130 — CVSS 9.8 (critical): In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to…
CVE-2021-33622 — CVSS 9.8 (critical): Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
CVE-2020-28037 — CVSS 9.8 (critical): is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed…
CVE-2020-8986 — CVSS 9.8 (critical): lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an…
CVE-2020-10571 — CVSS 9.8 (critical): An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
CVE-2019-19646 — CVSS 9.8 (critical): pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-0036 — CVSS 9.8 (critical): When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.)…
CVE-2025-0129: An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from…
CVE-2024-43044 — CVSS 8.8 (high): Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system…
CVE-2024-4367 — CVSS 8.8 (high): A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This…
CVE-2020-24677 — CVSS 8.8 (high): Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation…
CVE-2020-6385 — CVSS 8.8 (high): Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a…
CVE-2019-5763 — CVSS 8.8 (high): Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap…
CVE-2026-47216: Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service…
CVE-2026-35225: An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing…
CVE-2025-0128: A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks…
CVE-2026-4687 — CVSS 8.6 (high): Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR…
CVE-2022-20837 — CVSS 8.6 (high): A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE…
CVE-2021-39162 — CVSS 8.6 (high): Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and…
CVE-2021-32780 — CVSS 8.6 (high): Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy…
CVE-2021-1446 — CVSS 8.6 (high): A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software…
CVE-2020-3480 — CVSS 8.6 (high): Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
CVE-2020-3421 — CVSS 8.6 (high): Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to…
CVE-2019-15989 — CVSS 8.6 (high): A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an…
CVE-2019-6831 — CVSS 8.6 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all…
CVE-2018-20840 — CVSS 8.6 (high): An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an…
CVE-2025-48581 — CVSS 8.4 (high): In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could…
CVE-2025-20093 — CVSS 8.2 (high): Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version…
CVE-2024-34360 — CVSS 8.2 (high): go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions (ATXs) which reference…
CVE-2022-43393 — CVSS 8.2 (high): An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to…
CVE-2022-29278 — CVSS 8.2 (high): Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the…
CVE-2020-7800 — CVSS 8.2 (high): The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or…
CVE-2025-13392 — CVSS 8.1 (high): Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and…
CVE-2026-42349 — CVSS 8.1 (high): Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization…
CVE-2025-43715 — CVSS 8.1 (high): Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an…
CVE-2024-34694 — CVSS 8.1 (high): LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s)…
CVE-2025-14322 — CVSS 8.0 (high): Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146…
CVE-2023-28910 — CVSS 8.0 (high): A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag…
CVE-2020-15223 — CVSS 8.0 (high): In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores…
CVE-2026-30900 — CVSS 7.8 (high): Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an…
CVE-2025-24303 — CVSS 7.8 (high): Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version…